I've always wondered the same thing: how to keep OS X from storing the WPA passphrase (or PSK) in NVRAM.
Using 'nvram' I could never find the variable that I thought held these credentials. Today, I tried booting to a USB live image of Linux and running Chipsec. Its command to list EFI variables has many more results than I was getting by running nvram ...

There is no security risk. That is only audio and no data access is possible.
But there maybe some health concerns if using previously used earphone that are not sterilized. Whipping them with a germs killer wet-tissue or alcohol should do it.

There is some literature out there for you (e.g.here or here). Basically there is different means of protection.
Locating the device (Find my Mac)
Surveillance apps (also have a look at the OS X Back to my mac, which reportedly freed some Macs from their thieves)
Data security / encryption (e.g. Filevault2 encryption, Firmware password)
Physical ...

If moving to Android is an option, then you clearly don't need anything that's in the account. So just create a new one and link your device to that account instead. And when you do create a new account, be sure to link a mobile phone number and another email address to it, so that the same thing can't happen again.